Windows Live Messenger and the UPnP madness
So, as you have no doubt seen, MSN Messenger has had a bit of an update. Everything is all very nice (once you've turned off what you need to) and the program looks good visually, but there is one thing I hoped and prayed that the folks at Microsoft would learn to live without. The unspeakable evil that is UPnP.
In short, UPnP is a feature in many NAT routers (and no doubt other things) that automatically opens the ports required by programs on a PC on the internal side of the router's network, ensuring that programs that require any port work seamlessly without issue.
Though UPnP is a great idea in theory, it is just scary when it comes to its potential security implications. For instance, let's suppose that the program on the PC on the internal side was a nasty bit of spyware, a worm or a virus; then I think you'll see the potential downside to UPnP.
I did think about forwarding the required ports to make sure MSN Messenger works perfectly, but sadly there are so many that Messenger can choose from that this is neither safe nor practical.
So the choice is this... Use UPnP or open the ports for the features you require.
Here is a brief listing of some required ports for Live Messenger (provided by this guy http://www.jonathankay.com/ on some Messenger newsgroup). Note that this may not be complete or correct, and is provided with no warranties etc. etc.
- Basic text messaging/connection to Messenger server: port 1863 or 80 TCP and 443 TCP
- File Transfer/Sharing Folders*r: 6720-65535 TCP
- Audio*r: 5004-65535 UDP
- Video Conference/Webcam*r: 9000-9999 or 80 TCP, 5004-65535 UDP
- Remote Assistance*: 3389 TCP
- Whiteboard/Application Sharing*: 1503 TCP
- Launch Site Games**: 80 TCP
* denotes features which use Universal Plug and Play (UPnP). UPnP file transfer only available in Windows Messenger 5, MSN Messenger 5/6/7, Windows Live Messenger 8
** MSN Messenger 6 or higher feature exclusively
r denotes that feature can utilize a relay server not requiring a direct connection to the contact (and therefore incoming ports not necessarily required to be available)
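The trade-off described above, as an added example (not from the original post or from the quoted port list): the script counts how many ports a static forward for the listed features would expose, and audits a router's UPnP mapping table against the same list. The port ranges are copied from the list; the sample mappings, host addresses, verdict names and function names are constructed for illustration.

```python
# Added example: port ranges come from the list on this page; all else is constructed.
# Each row: (feature, protocol, low port, high port).
MESSENGER_PORTS = [
    ("text/connection", "TCP", 1863, 1863),
    ("text/connection", "TCP", 80, 80),
    ("text/connection", "TCP", 443, 443),
    ("file transfer", "TCP", 6720, 65535),
    ("audio", "UDP", 5004, 65535),
    ("video/webcam", "TCP", 9000, 9999),
    ("video/webcam", "UDP", 5004, 65535),
    ("remote assistance", "TCP", 3389, 3389),
    ("whiteboard/app sharing", "TCP", 1503, 1503),
]

def ports_to_forward(table=MESSENGER_PORTS):
    """Count distinct (protocol, port) pairs a static forward would expose."""
    exposed = set()
    for _feature, proto, low, high in table:
        exposed.update((proto, port) for port in range(low, high + 1))
    return len(exposed)

def matching_features(proto, port, table=MESSENGER_PORTS):
    """Return the listed features whose range covers this protocol and port."""
    return sorted({f for f, p, lo, hi in table if p == proto and lo <= port <= hi})

def audit(mappings, messenger_hosts):
    """Label each mapping 'plausible', 'wrong-host' or 'unexplained'."""
    findings = []
    for proto, ext_port, host, desc in mappings:
        if not matching_features(proto.upper(), ext_port):
            verdict = "unexplained"   # no listed feature uses this port
        elif host not in messenger_hosts:
            verdict = "wrong-host"    # in range, but that PC does not run Messenger
        else:
            verdict = "plausible"     # in range on a Messenger PC; still not proof
        findings.append((proto, ext_port, host, desc, verdict))
    return findings

# Constructed mapping table: (protocol, external port, internal client, description).
SAMPLE_MAPPINGS = [
    ("TCP", 7001, "192.168.1.20", "constructed: file transfer"),
    ("UDP", 5060, "192.168.1.20", "constructed: audio"),
    ("TCP", 31337, "192.168.1.45", "constructed: unknown program"),
    ("TCP", 25, "192.168.1.20", "constructed: not a Messenger port"),
]

if __name__ == "__main__":
    print("ports exposed by a static forward:", ports_to_forward())
    for finding in audit(SAMPLE_MAPPINGS, {"192.168.1.20"}):
        print(finding)
```

Because the listed ranges cover nearly every high port, an in-range mapping only shows that Messenger could have requested it, which is why the audit also checks which internal host owns the mapping.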
